Microsoft Windows: CVE-2020-0813: Scripting Engine Information Disclosure Vulnerability
Description
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka 'Scripting Engine Information Disclosure Vulnerability'.
Solution(s)
- microsoft-windows-windows_10-1709-kb4540681
- microsoft-windows-windows_10-1803-kb4540689
- microsoft-windows-windows_10-1809-kb4538461
- microsoft-windows-windows_10-1903-kb4540673
- microsoft-windows-windows_10-1909-kb4540673
- microsoft-windows-windows_server_2019-1809-kb4538461
- msft-kb4540673-27a7325b-a765-4956-ab15-a19091b61221
- msft-kb4540673-c13c3539-3ef4-481b-a305-d44fe74d2165
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center